What is a VLAN?

A VLAN (virtual LAN), as defined by TechTarget, is "a logical overlay network that groups together a subset of devices that share a physical LAN, isolating the traffic for each group."

The basic things you need to know about VLANs are tagged ports and untagged ports. Tagged ports can pass traffic for any VLAN they are tagged on. If port 1 is tagged on VLANs 10, 20, 30, 40, 50, 60, 70, 80, 90, and 100, then it can pass traffic for all of those VLANs. Untagged ports can only accept traffic on the VLANs they are untagged on. If port 1 is untagged on VLAN 24, it can only accept traffic for that specific VLAN. HP/Aruba and Brocade/Ruckus use the terms tagged and untagged. Cisco uses trunk for tagged and access for untagged.

Also, whatever VLAN you tag or untag a port on, that same configuration must go all the way back to the Brocade switch. If you're configuring a switch that is five layers deep, your VLAN must also be configured on every previous switch in line. For example, I have switches A, B, and C at my site. On switch C, I configure VLAN 80, untag ports 1-47, and tag port 48, since this is my uplink. On switches A and B, I would need to configure the same VLAN and tag the ports that connect A to B and B to A and C.

One of the major gotchas is wireless access. The access point itself operates on a port untagged for VLAN 100. However, the port the AP is connected to must also be tagged on all the other VLANs so that devices connecting through the AP can reach the correct VLAN.
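
The two rules above (a VLAN has to be tagged on every uplink back toward the core, and an AP port needs its client VLANs tagged) can be checked against a port inventory. This is an added example, not part of the original page: the port numbers on A and B, the AP on C port 47 and client VLAN 20 are constructed assumptions, and a link is treated as carrying a VLAN only when both ends agree.

```python
from collections import deque

def port(untagged=None, tagged=()):
    """One switch port: at most one untagged VLAN, any number of tagged VLANs."""
    return {"untagged": untagged, "tagged": set(tagged)}

# Constructed inventory following the A/B/C example in the text.
SWITCHES = {
    "A": {48: port(tagged={80, 100})},
    # VLAN 80 was forgotten on B's port facing C (deliberate mistake).
    "B": {47: port(tagged={80, 100}), 48: port(tagged={100})},
    "C": {1: port(untagged=80),
          47: port(untagged=100, tagged={20}),      # access point port
          48: port(tagged={20, 80, 100})},          # uplink
}
LINKS = [("A", 48, "B", 47), ("B", 48, "C", 48)]    # (switch, port, switch, port)

def link_carries(switches, link, vlan):
    """True if both ends agree on the VLAN: tagged on both, or untagged on both."""
    sw1, p1, sw2, p2 = link
    a, b = switches[sw1][p1], switches[sw2][p2]
    both_tagged = vlan in a["tagged"] and vlan in b["tagged"]
    return both_tagged or (a["untagged"] == vlan == b["untagged"])

def broken_links(switches, links, vlan):
    """Links where the VLAN is missing or mismatched on at least one end."""
    return [l for l in links if not link_carries(switches, l, vlan)]

def reachable(switches, links, start, vlan):
    """Switches that traffic in `vlan` can reach starting from `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        here = queue.popleft()
        for link in links:
            if here in (link[0], link[2]) and link_carries(switches, link, vlan):
                other = link[2] if link[0] == here else link[0]
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return seen

def ap_port_missing(ap_port, client_vlans):
    """Client VLANs that the access point's switch port is not tagged on."""
    return set(client_vlans) - ap_port["tagged"]

if __name__ == "__main__":
    print(reachable(SWITCHES, LINKS, "C", 80), broken_links(SWITCHES, LINKS, 80))
    print(ap_port_missing(SWITCHES["C"][47], {20, 80}))
```

With this inventory, VLAN 80 never leaves switch C because of the one untagged uplink on B, while VLAN 100 reaches all three switches.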

Easy, right?

Revision #2
Created Mon, Sep 12, 2022 4:26 PM by Thomas Sharpe
Updated Mon, Sep 12, 2022 5:17 PM by Thomas Sharpe